BREAKING CHANGE: update: migrate to better-sqlite3#20
BREAKING CHANGE: update: migrate to better-sqlite3#20UnschooledGamer wants to merge 13 commits intoAcode-Foundation:mainfrom
Conversation
Greptile SummaryThis PR migrates the database layer from Issues found:
Confidence Score: 2/5
Important Files Changed
Sequence DiagramsequenceDiagram
participant Client
participant CommentAPI as server/apis/comment.js
participant Entity as Entity.execSql
participant DB as better-sqlite3
Client->>CommentAPI: POST /api/comment (plugin_id, comment, vote)
CommentAPI->>Entity: Comment.insert(...)
Entity->>DB: db.prepare(INSERT).run(...values)
DB-->>Entity: (write result, ignored → [])
Entity-->>CommentAPI: []
CommentAPI->>Entity: Comment.get(columns, [PLUGIN_ID, id], [USER_ID, userId])
Note over Entity: ⚠️ [USER_ID, userId] treated as options,<br/>filter silently dropped
Entity->>DB: db.prepare(SELECT ... WHERE plugin_id=?).all(id, limit, offset)
DB-->>Entity: first comment for plugin (may belong to another user)
Entity-->>CommentAPI: [row] ← possibly wrong comment
CommentAPI-->>Client: { id: row.id, comment, vote } ← id may be wrong
Last reviewed commit: 465f2ed |
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
|
@greptileai Review it again. |
Additional Comments (1)
In the paid-download flow, |
|
@greptileai Review it again. |
| // (if needed, in future) `result` could be set as { rows: [], changes: ..., lastInsertRowid: ... } | ||
| // for now, we'll just set it as an empty array | ||
| stmt.run(...values); | ||
| result = []; | ||
| } |
There was a problem hiding this comment.
Write operations (INSERT/UPDATE/DELETE) now return empty array instead of the actual result info (changes, lastInsertRowid). If callers ever need the insert ID or affected row count, they won't have access to it. This could break code that relies on these values.
There was a problem hiding this comment.
This can be handled in future if needed, Currently it returns empty array for compatibility
|
@greptileai Review changes. |
|
@greptileai review again |
| updateVoteInPlugin(vote, pluginId); | ||
| } | ||
|
|
||
| const [row] = await Comment.get([Comment.ID, Comment.COMMENT, Comment.VOTE], [Comment.PLUGIN_ID, pluginId], [Comment.USER_ID, loggedInUser.id]); |
There was a problem hiding this comment.
Third argument silently treated as options, dropping the USER_ID filter
Entity.get(columns, where, options) takes exactly three positional parameters. Here, [Comment.USER_ID, loggedInUser.id] is passed as the third argument (options), not as an additional WHERE clause. The get method will destructure { page, limit, orderBy, operator } from this array — all of which will be undefined and fall back to defaults — while the user_id filter is completely ignored.
As a result the query only filters by plugin_id, so row will be the first comment on that plugin (in default sort order), not necessarily the one just inserted by the current user. The id sent back to the client in res.send({ ..., id: row.id, ... }) could belong to a different user's comment, causing the client to display or later modify the wrong comment.
The correct way to filter by multiple columns is to pass an array of where-clause tuples as the second argument:
| const [row] = await Comment.get([Comment.ID, Comment.COMMENT, Comment.VOTE], [Comment.PLUGIN_ID, pluginId], [Comment.USER_ID, loggedInUser.id]); | |
| const [row] = await Comment.get([Comment.ID, Comment.COMMENT, Comment.VOTE], [ | |
| [Comment.PLUGIN_ID, pluginId], | |
| [Comment.USER_ID, loggedInUser.id], | |
| ]); |
Additional Comments (1)
This will break the earnings calculation jobs in |
Why
sqlite3 has received no updates in the past 2-3 years and has blockers on package updating, like tar/node-tar, which has vulnerabilities.
Better-sqlite3 is benchmarked to be faster, better, and more updated in comparison to sqlite3.
I've tested as much as I could; breaking changes could occur because of how the better-sqlite3 API is without callbacks.
To Do
The update schema script needs changes.